My ISP-provided ADSL modem died after a short service life and rather than purchase/rent another one, I bought a Netis DL4201 that is soon to arrive.

I believe I have most of the config settings but am confused on the MTU.

My ISP uses PPPoE which I read will not handle packets > 1492. On the FreeBSD forums, I found this advice:

Quote:

There can be any number of reasons resulting in poor download speed. Unless the experts chime in and say there is a known issue with FreeBSD 10.3-RELEASE I'm gonna say I doubt it's the OS.

I am curious if this is an MTU issue. Can you verify what your ISP/DSL MTU is, and then verify what the MTU of your computer is? On my machines it's 1500 and I know 1500 matches my service provider service. Your computer MTU should be equal or less than the smallest MTU between yourself and your ISP. Thus check your router too. If you send packet sizes larger than MTU they will get fragmented down, and that causes a performance hit.

My OpenBSD NIC cards have default MTUs of 1500 as does my Linksys WRT54G router. At this time, I am going to set the Netis ADSL modem, which has a single port router (bridge/vpn capability), MTU to 1492. Should I do the same to all my devices on the LAN side?

I am also confused on the need for the bridge. My understanding is that bridge mode will just pass all packets to the Linksys router. My ISP's website instructions for configuring your own modem say nothing about MTU or bridge mode.

RFC 4638 defines a mechanism designed to exceed the 1492 octet MTU maximum. However, your Netis gateway does not mention it on its specification page. Both your ISP and your gateway would need to have support for this mechanism for you to exceed 1492 bytes.

I have never used PPPoE, so I do not have any specific provisioning guidance. There is a discussion of MTU and MSS values in the pppoe(4) OpenBSD man page.

Tech support at my ISP was clueless about MTU settings - a supervisor did say to set the modem's MTU to 1492 bytes. Hopefully, it was not just to make me go away.

What I'm wondering is if I generate data packets of 1500 octets on my system, say in an email with attachments, I would expect them to fragment when passed over the segment between the Netis modem and the ISP. My re(4) ifconfig settings show an MTU of 1500:

According to the pppoe(4) man page I referenced above, yes, you should expect fragmentation in certain configurations, such as when you are using NAT. Please see the section of that man page labelled MTU/MSS ISSUES.

The pppoe(4) indicates that the issue is if I both connect via pppoe and run NAT - either one separately is not an issue. So the question is if I'm running NAT and this is also confusing. My "Learn Networking in 24 hours" handbook says that if I'm using the 192.168.1.1 address block then I am using NAT. My router does not refer to that syntax and I have disabled any port forwarding or vpn.

I did set the router's MTU from Auto -> Manual at 1492. If I am running NAT then it looks like the best way to set this is via a /etc/pf.conf entry. I'm assuming they do not support jumbo frames as their supervisor instructed to set the modem's MTU at 1492.

Am I running NAT based on a router, dumbed down for home users, with an address of 192.168.1.1 and a modem address of 192.168.0.1?

Last edited by shep; 8th November 2016 at 11:52 PM.
Reason: added dumb'd down concern

I don't know, because I don't have a clear understanding of your network. But neither do you, so I will guess you are not using NAT yourself -- other than in your ISP connected router.

What is NAT? Network Address Translation. NAT is only performed by a router, and it is possible (but unlikely) your local network may have routers other than the Netis device. Your Netis device is a router, and it performs NAT. But any of your computers with 2 or more NICs could also act as a router.

---

To understand NAT, you must first understand what a router is, and what one does. Simply described, a router is a computer with at least two NICs, which routes, or forwards packets from one network to another.

Here is an example of two TCP/IP networks, each with 3 computers, and with a router in between. The router has two NICs, with an address on both networks.

Without NAT, each of the six computers is identified by its own IP address. Communication between Computer 1A and 2C requires that they each know the other's IP address. (Also, that they know there is a router between them.)

But with NAT, the router will translate packets, as if they originated on the router alone. If we use NAT with Network 1, all communication with Network 2 appears to have originated in the router itself. All devices on Network 1 will share a single address: 198.51.100.21. Network 1 is now a "private" network, unseen and unknown by Network 2. If Computer 1A sends a packet to computer 2C, the router in between will change the packet, and translate the origin address. The router will also keep track of the communication, so that it knows where to forward any replies, also translating the address back in the returning packet.

The most common place to find routers that do NAT (or sometimes, "NAT Routers") is in a home or small office connected to the Internet. There may be multiple devices on a private network, but all sharing a single IP address on the Internet. They do this with a single, external facing NAT router.

----

Diagram your local network. It will help you to understand how the various bits all fit together.

Last edited by jggimi; 9th November 2016 at 01:13 AM.
Reason: clarity, typos

I'm less confused. My Netis modem/router is a single "machine" with both pppoe and NAT. My "machines" on my private LAN do connect to the Netis pppoe+NAT.

The relevant portion from the pppoe man page:

Quote:

Problems can arise on machines with private IPs connecting to the
Internet via a machine running both Network Address Translation (NAT) and
pppoe. Standard Ethernet uses a maximum transmission unit (MTU) of 1500
bytes, whereas PPPoE mechanisms need a further 8 bytes of overhead. This
leaves a maximum MTU of 1492. pppoe sets the MTU on its interface to
1492 as a matter of course. However, machines connecting on a private
LAN will still have their MTUs set to 1500, causing conflict.

I can test the speeds with/without the pf.conf rule when the modem arrives. @jggimi, Thanks for all your help,
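Added example, not part of any post in this thread: a small Python model of what the quoted pppoe(4) text describes, a 1500-byte IPv4 packet from a LAN host arriving at a 1492-byte PPPoE link. It assumes 20-byte IP and TCP headers with no options; the function and class names are illustrative.

```python
from dataclasses import dataclass

ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8                          # 6-byte PPPoE header + 2-byte PPP protocol ID
PPPOE_MTU = ETHERNET_MTU - PPPOE_OVERHEAD   # 1492, as in the man page quote
IPV4_HEADER = 20                            # assumption: no IP options
TCP_HEADER = 20                             # assumption: no TCP options


@dataclass
class Fragment:
    offset_units: int     # IPv4 fragment offset field, counted in 8-byte units
    total_length: int     # IP header plus the payload this fragment carries
    more_fragments: bool  # MF flag


class NeedsFragmentation(Exception):
    """Models the ICMP type 3 code 4 reply sent when DF is set."""
    def __init__(self, next_hop_mtu):
        super().__init__(f"fragmentation needed, next-hop MTU {next_hop_mtu}")
        self.next_hop_mtu = next_hop_mtu


def forward(total_length, link_mtu, dont_fragment=False):
    """Return the fragments a router emits for one IPv4 packet."""
    if total_length <= link_mtu:
        return [Fragment(0, total_length, False)]
    if dont_fragment:
        raise NeedsFragmentation(link_mtu)  # sender must shrink its packets
    payload = total_length - IPV4_HEADER
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    chunk = (link_mtu - IPV4_HEADER) // 8 * 8
    frags, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        frags.append(Fragment(sent // 8, IPV4_HEADER + size, sent + size < payload))
        sent += size
    return frags


def max_mss(link_mtu):
    """Largest TCP segment that crosses the link in a single packet."""
    return link_mtu - IPV4_HEADER - TCP_HEADER


if __name__ == "__main__":
    for frag in forward(ETHERNET_MTU, PPPOE_MTU):
        print(frag)
    print("MSS ceiling on the PPPoE link:", max_mss(PPPOE_MTU))
```

The full-size packet splits into a 1492-byte fragment and a 28-byte one, so every full-size packet costs two transmissions; lowering the LAN hosts' MTU to 1492 or clamping the TCP MSS at the router avoids that.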

And I misread your LAN configuration. You have an inner router with two NICs. One on the 192.168.0 network, the other on the 192.168.1 network. You may use NAT, but it would depend on that inner router configuration.

However the warning in the driver man page is for a router that is also connected via pppoe.

I recall reading a recommendation that if one was using a router that the modem should utilize a bridge.

What I read on bridges last night was that they would treat the modem and the router's internet rj-45 as a single network. Bridges were described as inefficient because all broadcast traffic was sent to all devices but if the router interface is the only device, that may be minimal.

My needs are pretty basic and my inclination is configure for correctness, security and simplicity.

I don't understand the 10.0.0.2 address definition you show. But I don't think it's important as you state you are using DHCP so an IP address will be assigned by your gateway router.

You are using something as an inner router, if your diagram is still sufficiently accurate. Perhaps you are using a commercial router, or perhaps this is a general purpose computer with two NICs.

---

As you've learned, a bridge logically connects two (or more) networks into a single logical network.

As discussed earlier in this thread, a router ... well... routes (or forwards) packets between two (or more) networks.

According to the Netis documentation readily and publicly available to me -- web site, data sheet, quick installation guide -- your device does not state it can operate as a bridge. That doesn't mean it won't, just that the documentation I've seen doesn't state this.

---

Setting all of that aside, let us look at configurations for an inner network, using an "inner" router such as you likely have.

An inner router defines two local networks: 1) a network between the gateway modem and the router, and 2) a network between the router and all of your local devices. That outer network might just consist of a single Ethernet cable.

If the inner router is configured to use NAT, then the outer router only sees a single inner device - the inner router. All of the devices on network 2 have NAT applied to their packets, and appear to all share the same IP address -- whatever the outer router has assigned to your inner router.

I believe you are using NAT on an inner router, but are unaware of it, because otherwise you would have to add a route to the inner network on your outer router.

Here's why:

If the inner router is not using NAT, the outer router needs to have a route added to its routing table, so it can route packets destined for the inner network to the inner router.

If your inner router happens to be a general purpose computer running OpenBSD, NAT is defined by a "nat-to" clause added to a PF filter rule, as described in the NAT section of the PF User's Guide. If it's a different OS or a commercial router, you'll have to refer to the appropriate documentation for that OS or that equipment.

---

A brief introduction to routing tables:

TCP/IP is a routed protocol, so that traffic can span multiple networks. Any time there is a packet to be sent to a device on another network, the sending computer inspects its routing table. Usually, there is only one router on any network, and so there is only a single, default route for all packets destined for other networks. These default routes point at the local router's IP address.

In the case of a tiered network topology -- without NAT -- as described above in this post, the outer router would require two routes in its route table: 1) a route to the innermost network, with a "next hop" pointing to the inner router, and 2) a default route, pointing outward to a router in your ISP's network.
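Added example, not from either poster: the outer router's route lookup for a reply headed back to the inner network, with and without the extra route described above. The inner router's outer address 192.168.0.2 and the ISP next hop 203.0.113.1 are assumed values for illustration.

```python
import ipaddress

ISP_NEXT_HOP = "203.0.113.1"   # assumed: a router in the ISP's network
INNER_ROUTER = "192.168.0.2"   # assumed: inner router's address on the outer network

# Outer router with only its connected network and a default route.
OUTER_NO_ROUTE = [
    ("192.168.0.0/24", "direct"),
    ("0.0.0.0/0", ISP_NEXT_HOP),
]
# Same router after adding a route to the inner network via the inner router.
OUTER_WITH_ROUTE = OUTER_NO_ROUTE + [("192.168.1.0/24", INNER_ROUTER)]


def lookup(table, dst):
    """Longest-prefix match: return (next_hop, matched_prefix) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best and (best[1], str(best[0]))


if __name__ == "__main__":
    # No NAT on the inner router: the reply is addressed to the inner host itself.
    print(lookup(OUTER_NO_ROUTE, "192.168.1.50"))    # falls through to the default route
    print(lookup(OUTER_WITH_ROUTE, "192.168.1.50"))  # handed to the inner router
    # NAT on the inner router: the reply is addressed to the inner router.
    print(lookup(OUTER_NO_ROUTE, INNER_ROUTER))      # delivered on the connected network
```

Without the extra route, a reply to 192.168.1.50 follows the default route toward the ISP and never returns; with NAT on the inner router the reply is addressed to 192.168.0.2, which the outer router already reaches directly.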

This customer review seems to be from someone with networking knowledge:

Quote:

By S. Tillman on December 30, 2015
Verified Purchase
This review is for the Netis DL4201 ADSL2+ modem router. This is a small low power device and has a surprising number of features and capabilities for the price.

Included in the box is a AC/DC power supply, ADSL splitter, telephone and network cable. The device has three connections: RJ-11 for DSL, RJ-45 Ethernet (link speed is 100Mbps), and power.

Power is 5 volts and uses a 2.5mm x 5.5mm barrel connector. It comes with a AC/DC adapter (800mA, 100-240V, 50/60Hz). Because it's 5v and low power it can be powered from a USB port on nearby computer using a USB to 2.5mm barrel cable: http://www.amazon.com/gp/product/B00UVH9I5A (Startech calls this a type "N").

To use it with CenturyLink....

DHCP:
On setup menu / WAN tab, at bottom of page, select and delete existing config if any. Then in upper section of the same page, enter new configuration settings (VPI=0, VCI=32, Encapsulation=VCMux, ChannelMode=PPPoA [[PPPoE seems to work too, but may depend on location with CenturyLink]] ). Click "add". Most users will want to plug the Ethernet port into a network switch (I like the Trendnet GREENnet switches), or it can be connected directly to the network port on a computer.

Bridged:
For my application I used it in bridged mode connected to the WAN interface of a pfsense firewall. Configuration settings: VPI=0, VCI=32, Encapsulation=LLC, ChannelMode=1483 Bridged. On pfsense, I set the MTU to 1492 though I'm not sure if that's absolutely necessary.

If it helps, your Linksys router is a small office / home office ("SOHO") NAT router. NAT is enabled by default, and there doesn't seem to be a mechanism to disable NAT according to the manual, or to internet searching.

Was the inaccuracy the router IP or lack of the 192.168.1.1 -NAT-> 10.0.0.2?

Anyway, the system dual boots Debian Testing and OpenBSD 6.0 and I've set the re0 interface to have MTU=1492 in both. The router arrives this afternoon, so I'll set it up and get familiar with the settings. Another issue came up (download speeds in OpenBSD are about 1/2 the Debian speed). That will have to wait for another thread.

It took the better part of the day but I'm up and running. The Netis DL4201 was a mixed bag. It provisioned OK with PPPoE but when I went to add the router I had difficulties with the router's DHCP setting provided by the modem. It was not getting a gateway.

It was much easier to set the modem using the bridge instructions and provision PPPoE at the level of the router.

I set the devices in each segment with MTU of 1492 but did not test to see if the MTU setting made a difference. I'm seeing the best upload/download speeds I've had since I started the service with a Cisco 678 modem.

The Netis is also running cool with a 5V/800 milliamp transformer. The documentation is dumbed down and the configuration interface is buggy - I would get a javascript message that the code was corrupted when attempting to change the modem's IP 192.168.1.1 -> 192.168.0.1. Still with modem rental fees of $5/month, if it lasts more than 6 months it will pay for itself. Buying a modem from my ISP is a minimum of $90 and the word on the street is that most do not last more than 2 years.

Last edited by shep; 11th November 2016 at 06:52 PM.
Reason: spelling/punctuation